Wind River Support Network

HomeDefectsLIN1023-17435
Acknowledged

LIN1023-17435 : Security Advisory - linux - CVE-2025-68231

Created: Dec 16, 2025    Updated: Dec 18, 2025
Found In Version: 10.23.30.1
Severity: Standard
Applicable for: Wind River Linux LTS 23
Component/s: Kernel

Description

In the Linux kernel, the following vulnerability has been resolved:[EOL][EOL]mm/mempool: fix poisoning order>0 pages with HIGHMEM[EOL][EOL]The kernel test has reported:[EOL][EOL]  BUG: unable to handle page fault for address: fffba000[EOL]  #PF: supervisor write access in kernel mode[EOL]  #PF: error_code(0x0002) - not-present page[EOL]  *pde = 03171067 *pte = 00000000[EOL]  Oops: Oops: 0002 [#1][EOL]  CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Tainted: G                T   6.18.0-rc2-00031-gec7f31b2a2d3 #1 NONE  a1d066dfe789f54bc7645c7989957d2bdee593ca[EOL]  Tainted: [T]=RANDSTRUCT[EOL]  Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014[EOL]  EIP: memset (arch/x86/include/asm/string_32.h:168 arch/x86/lib/memcpy_32.c:17)[EOL]  Code: a5 8b 4d f4 83 e1 03 74 02 f3 a4 83 c4 04 5e 5f 5d 2e e9 73 41 01 00 90 90 90 3e 8d 74 26 00 55 89 e5 57 56 89 c6 89 d0 89 f7 <f3> aa 89 f0 5e 5f 5d 2e e9 53 41 01 00 cc cc cc 55 89 e5 53 57 56[EOL]  EAX: 0000006b EBX: 00000015 ECX: 001fefff EDX: 0000006b[EOL]  ESI: fffb9000 EDI: fffba000 EBP: c611fbf0 ESP: c611fbe8[EOL]  DS: 007b ES: 007b FS: 0000 GS: 0000 SS: 0068 EFLAGS: 00010287[EOL]  CR0: 80050033 CR2: fffba000 CR3: 0316e000 CR4: 00040690[EOL]  Call Trace:[EOL]   poison_element (mm/mempool.c:83 mm/mempool.c:102)[EOL]   mempool_init_node (mm/mempool.c:142 mm/mempool.c:226)[EOL]   mempool_init_noprof (mm/mempool.c:250 (discriminator 1))[EOL]   ? mempool_alloc_pages (mm/mempool.c:640)[EOL]   bio_integrity_initfn (block/bio-integrity.c:483 (discriminator 8))[EOL]   ? mempool_alloc_pages (mm/mempool.c:640)[EOL]   do_one_initcall (init/main.c:1283)[EOL][EOL]Christoph found out this is due to the poisoning code not dealing[EOL]properly with CONFIG_HIGHMEM because only the first page is mapped but[EOL]then the whole potentially high-order page is accessed.[EOL][EOL]We could give up on HIGHMEM here, but it's straightforward to fix this[EOL]with a loop that's mapping, poisoning or checking and unmapping[EOL]individual pages.
Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube